We are using SPF on our SF and I'm seeing rejections do to SPF failures. Here is what I'm seeing in the log files. User Joe has an email account joe@ispname.com but he has a cable connection. We do not allow any customers not to send outgoing mail to our SMTP relay server when the user is not on our ip network. So he uses the cable provider's outgoing mail server. When he sends an email using his joe@ispname.com to another user on ispname.com mail server it gets rejected due to SPF fails due to ispname.com TXT record does not contain the ip address of the cable provider's mail server. The cable provider does have SPF txt record setup for their mail server ip addresses but it seems that the Spam Filter Software doesn't look at the connection ip address of the cable provider's mail server. It only looks at the email address domain name and rules against that.

Is this the way it's supposed to be or is there a bug in the way SPF within Spam Filter is working.

SPF is a good idea, but it does have some drawbacks. You've encountered one of them. That is just how SPF is supposed to work.

SPF is used to authenticate the sender, it verifies that the sender is authorized to send email from a specific domain.

The following applies only if I understood you correctly and ispname.com is one of *your* domains.

joe@ispname.com cannot use your outgoing SMTP server per your policies.
So he uses his cable company's SMTP server, but is still using
"joe@ispname.com" as his email address when doing so, even though his
cable company is rr.com for example.

rr.com accepts joe's email (and some cable companies may reject it in
the future, as he's not using a "from" address belonging to his cable
company) and then sends it to you, or to any other ISP who is using SPF
filters. The SPF filter at this point looks at the "from" domain. It's
ispname.com. It then queries your DNS to see if the IP connecting to
the SPF server is authorized to send email on behalf of ispname.com.
I'm pretty sure you don't have rr.com SMTP server's IP address in
there, so it will fail. This is just what SPF is supposed to do, to
verify that rr.com can send emails using ispname.com as the "from"
email address.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot delete your posts in this forumYou cannot edit your posts in this forumYou cannot create polls in this forumYou cannot vote in polls in this forum